notorious ways of exploitation search engine - ijsrd · notorious ways of exploitation search...

IJSRD || National Conference on Advances in Computer Science Engineering & Technology || May 2017 || ISSN: 2321-0613

©IJSRD 2017 Published by IJSRD 112

Notorious Ways of Exploitation Search Engine

Sohesh Doshi1 Meet Gadhiya

2 Sanket B Suthar

3

1,2,3Department of Information Technology

1,2,3Charusat University, Changa, 388421, India

Abstract— As time goes the use of internet & technology increases and become the part of the human in routine life. All

people continuously use to share their information either it's private or public via various source on the internet. This

information directly and indirectly interact with Google database searching the keyword on Google search engine give precise

information but in vary large scale ,but use of Google dorks help us to narrow this scale and retrieve specific result. This

research paper's objective is mainly focus on how hackers use Google dorks to steal information on the database.

Key words: Google Search Engine, Exploitation Search Engine

I. INTRODUCTION

In Our Daily Lives, we are connected to the internet. 32 billion people are online on the internet. In 1995 it was less than 1%

people who used the internet. In 2016 there was more than 3 billion user. As per the current situation we do analysis of

internet users by regions worldwide since year 2000 to January 2017.

Year Internet User Non-Internet User World Population %

2000 414,794,957 5,711,827,164 6,126,622,121 6.8

2005 1,030,101,289 5,489,534,561 6,519,635,850 15.8

2010 2,023,202,974 4,906,522,069 6,929,725,043 29.2

2015 3,185,996,155 4,163,475,944 7,349,472,099 43.4

2017* 3,575,870,700 3,911,038,788 7,486,909,488 47.76

Table 1: Internet users

Fig. 1: Internet Users in World by Regions January 2017

Major Actives Performed by people on the internet are sent & Read Email, a search engine to find information,

search for map driving direction, Look for info on a hobby or interest etc. 85% People are Used Search engine 6,586,013,574

searches a day worldwide Google can process 40,000 query per a second, 3.5 billion per a day and 1.2 trillion searches per a

year [6].

Fig. 2: Activities on Internet by 26 February 2017

Steve Mansfield-Devine says that instead of using penetration testing software like NMAP, Nessus etc. use Google

and your first stop should be something much more basic: Google [5].


(IJSRD/Conf/NCACSET/2017/025)

113

II. REVIEW OF LITERATURE

A. Google Basic

When you search in a Google search engine it gives appropriate search compare to others Search engine.

Google used some special kind of algorithm while other search engine doesn’t. Google used some auto med program

called "spider" or "crawl". Google also used some trademarked algorithm called "Page Rank" which assigns each Web page a

relevancy score [4].

This Algorithm depends on a few factors:-

Frequency and location of the keywords within a web page: If some of the keywords have a low frequency on a web page

then it assigns law rank to the web page.

How Long Webpage has Existed: People created web page daily goggle assign that web page how they important.

The number of other Web pages that link to the page in question: Google shows that how many other web pages link to

that site.

The third rule are easy than others let's consider example we search keyword “Techno" in Google. Google show that

pages on top whose rank is important or more than others. Because Google looks link to the web pages as a vote. The

Information we search on internet first content discovered then indexing and analysed than content and store in a huge

database when some query fetch gives a response or show relevant pages.

III. PROPOSED WORK

A. What Is Google Dorks?

Google Dorks is that kind of a person who gives secure, sensitive, and particular information from all the internet sources. We

can use Google Dorks for faster, better, and powerful search. If your website has some vulnerability than Google provides all

information to the hacker using this dork. The concept of Google dorks create by Johnny long 2002 and uncovered the

vulnerable system and disclosed sensitive information. Google hacking techniques were the focus of a book released by

Johnny Long in 2005, called Google Hacking for Penetration Testers, Volume 1 Don't Underestimate power of Google dorks

most powerful search in world.

B. Types of Vulnerability Google Dorks Can Revel

Footholds

Web server detection

Files contains username

Sensitive directory

Vulnerable files

Files contain password

Vulnerable server

Sensitive online shopping info

Error message

Juicy files

Login portal

Various online device

Network files or more

C. List of dorks with example

In this section we are going to test total 7 dorks and do analysis the results retrieved from Google search engine among

thousands of dorks. Here by using “intitle” we retrieves the “page title”, by using “filetype” we retrieves the particular file

from the website, by using “cache” we retrieves particular cache of the website, by using “intext” we retrieves “website text”,

by using “link” we retrieves links of particular website that are connected with other website, by using “phonebook” we

retrieves the phone number of particular person, by using “related” we retrieves the website which are related with each other

[2], by using “site” we can able to search for particular site or domain

1) In title Dork

Fig. 3: Searching database password files with the help of “intitle dork”



114

2) File type Dork

Fig. 4: Searching file formats using “filetype dork”

3) Cache Dork

Cache: www.timesofindia.com

This keyword gives us particular cache of the website for specific date and time. If we want to read the content of particular

website before the current time, it can be possible by entering “cache” keyword.

4) In text Dork

Fig. 5: Searching admin login page using “intext dork” [1]

5) Link Dork

Fig. 6: Searching all the links for particular website using "link dork"



115

6) Phonebook Dork

Fig. 7: Searching phone number of particular person using "phonebook dork"

7) Related Dork

Fig. 8: Related website list which contain news keyword

8) Site Dork

Fig. 9: List of all site which are include with "charusat.ac.in" using "site dork”

D. Real Time Implementation

As we have seen individual dork examples in previous section for retrieving documents, images, personal files, phone

numbers, website admin related links etc., now we can combine these dorks and create some queries and we get talismanic

results.

Here below we executed some queries by applying some combinations of dorks:

1) Multimedia File Query

multimedia name -inurl:(htm|html|php|pls|txt) intitle:index.of \"last modified\" (mp4|wma|aac|avi)"



116

In this query the multimedia name can be like movie name, music artist name etc. This query “inurl dork” searches html, htm,

php, pls, text content and “intitle dork” searches for index for particular website that contains mp4, wma, aac, avi files. User

can also modify as per their requirements.

Fig. 10: Multimedia file query

2) Find Book Using This Query

allinurl: +(rar|chm|zip|pdf|tgz) Book name

By using this query we can find books from parent directory of particular website. In above query “allinurl dork” can search

in parent directory that modified last time which gives us file in rar, chm, zip, pdf and tgz format. By modifying this query

user can get file in any format.

Fig. 11: Find Book using This Query

E. List of dorks that can be mixed or not with other operator

Fig. 12: Dorks that mixed with other operators [7]

IV. CONCLUSION

We have already outlined some of the dorks and the combination of the dorks which are used to download secret or private

documents from the index of the website and by using this we get talismanic results. Google dorks have their own pros and

cons, end user able to hack a website and web developer cannot protect their information. The hackers can able to get

database related information which is very serious issue.

REFERENCES

[1] Priyanka VK. “Detection of SQL Injection Attack and Various Prevention Strategies”. International Journal of

Engineering and Advanced Technology (IJEAT) vol. 2013, pp. 457-60.

[2] Wilhoit, Kyle. "Who’s Really Attacking Your ICS Equipment?." Trend Micro (2013).

[3] Lancor, Lisa, and Robert Workman. "Using Google hacking to enhance defence strategies." In ACM SIGCSE Bulletin,

vol. 39, no. 1, pp. 491-495. ACM, 2007.

[4] Invernizzi, Luca, and Paolo Milani Comparetti. "Evilseed: A guided approach to finding malicious web pages." In

Security and Privacy (SP), 2012 IEEE Symposium on, pp. 428-442. IEEE, 2012.

[5] Mansfield-Devine, Steve. "Google hacking 101." Network Security 2009, no. 3 (2009): 4-6.

[6] Zhang, Jialong, Jayant Notani, and Guofei Gu. "Characterizing Google hacking: a first large-scale quantitative study." In

International Conference on Security and Privacy in Communication Systems, pp. 602-622. Springer International

Publishing, 2014.

[7] Vaibhav Sharma, Dr. Yashpal Singh International Journal of Enhanced Research in Management & Computer

Applications, Vol. 5 Issue 6, June-2016.

notorious ways of exploitation search engine - ijsrd · notorious ways of exploitation search...

Documents